The MAILING DATE of this communication appears on the cover sheet with the correspondence address.
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 31 October 2002. 
2a) [X] This action is FINAL. 2b) [ ] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 
Disposition of Claims 

4) [X] Claim(s) 1-117 is/are pending in the application. 

4a) Of the above claim(s) ___ is/are withdrawn from consideration. 

5) [ ] Claim(s) ___ is/are allowed. 

6) [X] Claim(s) 1-117 is/are rejected. 

7) [ ] Claim(s) ___ is/are objected to. 

8) [ ] Claim(s) ___ are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on ___ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) [ ] The proposed drawing correction filed on ___ is: a) [ ] approved b) [ ] disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) [ ] The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) [ ] All b) [ ] Some* c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. ___. 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) [ ] The translation of the foreign language provisional application has been received. 

15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1) [ ] Notice of References Cited (PTO-892) 4) [ ] Interview Summary (PTO-413) Paper No(s). ___. 

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) [ ] Notice of Informal Patent Application (PTO-152) 

3) [ ] Information Disclosure Statement(s) (PTO-1449) Paper No(s). ___. 6) [ ] Other: 
DETAILED ACTION 



Response to Arguments 



1. Applicant's arguments filed October 31, 2002 have been fully considered but they are not 
persuasive. The applicant has argued that "Crichton does not teach or suggest the specific 
sequence of steps in Applicant's claims." The examiner respectfully disagrees, for Crichton 
discloses: "The initial connection is made using the standard TCP/IP connection mechanism. 
Each connection, no matter which program installed it, is a TCP/IP connection and is therefore 
duplex. This invention provides a Lightweight Secure Tunnel Protocol (LSTP) which is used on 
top of TCP/IP to provide for proper sequencing of tunnel management events." (column 4, 
lines 58-64). Column 6, lines 30-33 additionally recite that "the Secure Sockets Layer (SSL) 
was chosen as the security protocol to secure the tunnel. SSL provides for data integrity, data 
privacy, and authenticity of the originating parties." The teachings of Crichton therefore 
disclose a sequence corresponding to the applicant's claimed authentication process. 
Additionally, claims 1 and 79 recite "comprising," which is interpreted to require at least the 
listed limitations recited in the particular claims, but in no particular order. 

It is additionally argued by the applicant that "Crichton does not teach or suggest 
multiplexing other connections through the secure connection once both the endpoints have been 
authenticated." The examiner again respectfully disagrees, for in the teachings of Crichton the 
authentication sequence occurs prior to the multiplexing: Crichton discloses that "[r]equested 
resources may include multiplexed channels on an existing tunnel connection or new tunnel 
connections in addition to established tunnel connections," as recited in column 7, lines 2-5. 
According to Crichton, the tunnel is pre-existent to the multiplexing of communications. The 
authentication sequence is documented above by the examiner, whereby mutual authentication 
of the endpoints occurs as disclosed by Crichton (column 2, lines 26-27). 



Information Disclosure Statement 

2. Portions of the information disclosure statement have been considered by the examiner. 
The examiner has not considered the citations for which the reference was not provided by the 
applicant. If the applicant wishes the examiner to consider those references, copies must be 
provided by the applicant so that they can then be considered. 



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 



4. Claims 1, 13, 14, 16, 17, 21, 22, 40, 52, 53, 55, 56, 60, 61, 79, 91, 92, 94, 95, 99, and 100 are 
rejected under 35 U.S.C. 102(e) as being anticipated by Crichton et al. 



As per claims 1, 40, and 79, Crichton et al. disclose a multiplexing and tunneling system 
which comprises a TCP/IP connection between a client (located at the user level) and a server 
(col. 4, lines 62-66 and col. 12, lines 9-15). SSL is used as the security protocol over the 
(opened) TCP/IP connection, which is used under the LSTP tunnel protocol (col. 4, lines 62-66 
and col. 6, lines 30-39). Both parties (endpoints) of the (SSL over TCP/IP) connection that 
establish the secure channel are mutually authenticated (col. 2, lines 26-27 and col. 6, 
lines 31-33). Once both have been authenticated, other connections are multiplexed through the 
secure channel (connection) over the single TCP/IP connection (col. 2, lines 26-27, col. 6, 
lines 31-33, col. 7, lines 3-5, and col. 12, lines 9-15). 

As per claims 13, 52, and 91, Crichton et al. teach the use of a firewall (packet filter 
mode), SOCKS (mode), and client-side proxies (standalone mode) (col. 2, lines 20-22 and 41-44). 

As per claims 14, 16, 53, 55, 92, and 94, Crichton et al. recite the use of a firewall 
(gate), secure tunnels (portals), and a client executing behind a firewall (gate) which 
participates in the tunnel (portal) (col. 2, lines 19-23 and 32-41). 

As per claims 17, 21, 56, 60, 95, and 99, Crichton et al. disclose the use of an Internet 
and an Intranet which comprises establishment of a secure channel (connection) (col. 2, lines 
26-27, col. 3, lines 33-34, col. 6, lines 31-33, and col. 8, line 61). 

As per claims 22, 61, and 100, Crichton et al. disclose the use of a firewall (gate), secure 
tunnels (portals), and a client executing behind a firewall (gate) which participates in the 
tunnel (portal) (col. 2, lines 19-23 and 32-41). The Intranet comprises a secure channel 
(connection) (col. 2, lines 26-27, col. 6, lines 31-33, and col. 8, line 61). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 3-11, 42-50, and 81-89 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Crichton et al. 

As per claims 3, 42, and 81, Crichton et al. disclose the use of SSL and the establishment 
of secure tunnels. The teachings of Crichton et al. are silent as to whether the secure 
connections are symmetric. The examiner hereby takes official notice that such a concept is 
notoriously well known. It would have been obvious to a person of ordinary skill in the art at 
the time of the invention that the use of SSL and secure tunnels involves encryption and 
decryption based upon keys. Symmetric encryption uses the same key to encrypt and decrypt 
information (or a key trivially derived from it), so the sender and receiver must agree on a 
key before communicating securely. It is obvious that the teachings of Crichton et al. use 
symmetric encryption for the secure tunnel connection over which information is passed back 
and forth in a protected manner. 
As per claims 4, 5, 43, 44, 82, and 83, the teachings of Crichton et al. disclose establishing 
multiplexing and tunneling (a secure connection). The teachings are silent as to either of the 
endpoints being able to receive data or to receive connection requests. The examiner hereby 
takes official notice that such a concept is notoriously well known to one of skill in the art. 
It would have been obvious to a person of ordinary skill in the art to have been motivated to 
apply a means of receiving data and receiving connection requests. It is notoriously well known 
to one of skill that, in order to establish a connection between two parties (endpoints), one 
of the parties (endpoints) has to initiate the connection, the other receives the request for 
connection, and, if the connection is authenticated (in light of the teachings of Crichton et 
al.), the connection is permitted between the two. Additionally, the teachings of Crichton et 
al. disclose establishing a secure tunnel between two parties (endpoints), and it is notoriously 
well known that either of the two can receive data, one of the locations being a sender and the 
other the recipient of the information. It is obvious that the teachings of Crichton et al. 
comprise the feature of at least one of the parties (endpoints) being able to receive connection 
requests and to receive data, for that is the intent of the teachings: to establish a secure 
tunnel (connection) which mutually authenticates both parties (endpoints) and, upon successful 
authentication, permits secure communications, which would include the sending and receiving of 
data (col. 2, lines 26-27 and col. 6, lines 31-33). 

As per claims 6, 7, 11, 45, 46, 50, 84, 85, and 89, Crichton et al. disclose a means which 
uses multiplexing and the establishment of secure tunnels. The teachings of Crichton et al. 
are silent on maintaining sufficient send buffers for receiving forwarded data between 
endpoints and on maintaining buffers for the multiplexed data. The examiner hereby takes 
official notice that such a concept is notoriously well known. It would have been obvious to a 
person of ordinary skill in the art that the use of buffers is necessary, since large amounts 
of data cannot be transferred in complete form but rather in segmented portions, by means such 
as packets or frames. Since the information has to be segmented, it is held in temporary 
storage until all of it has been received, at which point it is reassembled into its original 
form where it can then be processed. Since it is notoriously well known that a processor cannot 
properly process partial data or data that is out of order, buffering the data allows the data 
in its entirety to be processed successfully, whether it is sent through a single connection or 
transferred to multiple destinations via multiplexing. Although the teachings of Crichton et al. 
are silent on this concept, it is obvious that sufficient buffers exist to handle the large 
volumes of information transferred across networks in a secure manner. 

As per claims 8-10, 47-49, and 86-88, the teachings of Crichton et al. are silent on queuing 
data received at a destination, dispatching the queued data to a final destination, and 
acknowledging receipt of the data so as to track the usage of buffers at the endpoint. The 
examiner hereby takes official notice that such a concept is notoriously well known. It would 
have been obvious to a person of ordinary skill, and it is notoriously well known, that the use 
of buffers is necessary, since large amounts of data cannot be transferred in complete form but 
rather in segmented portions, by means such as packets or frames. Since the information has to 
be segmented, it is held in temporary storage until all of it has been received, at which point 
it is reassembled into its original form where it can then be processed. The information is 
then placed in a queue which stages the data in a first-in, first-out pattern; the recipient 
then reassembles the data and checks whether all of it has been correctly received. The 
information in the buffers is tracked to monitor the data flow and ensure that all the data is 
received. It is obvious that the teachings of Crichton et al. utilize a queue for staging data, 
as is notoriously well known to one of skill in the art. 

7. Claims 2, 28-39, 41, 67-78, 80, and 106-117 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Crichton et al. in view of Fox et al. 

As per claims 2, 41, and 80, Crichton et al. disclose a means which utilizes secure 
tunneling and multiplexing. The teachings disclose the use of the TCP/IP protocol (col. 4, 
lines 62-66 and col. 12, lines 9-15), but are silent on the use of UDP. Fox et al. disclose a 
means which utilizes SSL connections and UDP (col. 4, lines 49-51 and col. 8, lines 36-39). It 
would have been obvious to a person of ordinary skill in the art that the choice of a particular 
transport protocol is arbitrary and depends on the type of infrastructure which is implemented 
and the protocols which are compatible with it. Fox et al. disclose motivation for the use of 
UDP instead of TCP by reciting that UDP does not require a connection to be negotiated and 
eliminates the need to exchange large volumes of packets during a session (col. 4, lines 55-60). 
If the intent of the teachings of Crichton et al. were to address bandwidth issues, then 
conservation of packet transfers would have been most efficiently achieved through the use of 
UDP instead of TCP, as taught by Fox et al. 

As per claims 28-39, 67-78, and 106-117, Crichton et al. disclose the use of a firewall 
(gate), secure tunnels (portals), and a client executing behind a firewall (gate) which 
participates in the tunnel (portal) (col. 2, lines 19-23 and 32-41). Additionally employed is a 
multiplexing and tunneling system which comprises a TCP/IP connection between a client and a 
server (col. 4, lines 62-66 and col. 12, lines 9-15). Fox et al. is relied upon for the use of 
UDP. The teachings of Crichton et al. and Fox et al. are silent on the use of record exchanges 
between the endpoints comprising usheropen, usheropenreply, ushersend, usherclose, ushersendudp, 
usherack, usherend, and usherrst records. The examiner hereby takes official notice that the use 
of such records is notoriously well known in protocol standards for establishing connections and 
allowing computers to communicate with one another. It would have been obvious to a person of 
ordinary skill in the art at the time of the invention to use a particular type of protocol to 
set up communications with a remotely located node, and that there are procedures which have to 
occur in order for the communications to take place. A usheropen record would allow a connection 
to be opened; the usheropenreply is a reply responsive to the usheropen record; the ushersend 
record passes the information; the usherack acknowledges the information which is received; the 
usherclose record ends the connection; the ushersendudp record initiates the sending of UDP 
packets; the usherend record terminates a connection; and the usherrst record resets the 
connection. In any of these situations, the particular protocol records are responsive to 
conditions that dictate the success of a connection: in the case of the usherack record, if an 
acknowledgment is unsuccessful, then the connection cannot be established; the sender may or may 
not retry, and may then time out without a connection being established. It is obvious that the 
teachings of Crichton et al. and Fox et al. follow the TCP and UDP protocols and obey the rules 
that govern the particular type of protocol, as is notoriously well known for establishing 
connections and allowing the respective computers to communicate. 
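The record exchange just described (usheropen/usheropenreply to set up a channel, ushersend carrying data, usherack releasing the sender's buffer, usherclose answered by usherend, usherrst for a channel the receiver does not know, ushersendudp for datagram traffic), together with the queuing and ack-tracked buffer accounting discussed under claims 6-11 above, can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the application, from Crichton et al. or from Fox et al., and the wire layout, the type codes, the 16-byte window, the channel numbering and the `Endpoint` class are all assumptions made here. The `authenticated` flag stands in for the completed mutual SSL authentication which, in the examiner's reading of Crichton, precedes any multiplexing.

```python
"""Toy multiplexed record protocol over one authenticated byte stream (added example;
header layout, type codes, window size and channel numbering are assumptions)."""
import struct
from collections import deque

OPEN, OPENREPLY, SEND, ACK, CLOSE, SENDUDP, END, RST = range(8)  # assumed codes
NAMES = ("usheropen", "usheropenreply", "ushersend", "usherack", "usherclose",
         "ushersendudp", "usherend", "usherrst")  # claim record names, by code
HDR = struct.Struct("!BHI")  # assumed header: type, channel id, payload length

def encode(rtype, chan, payload=b""):
    """Frame one record: fixed header followed by the payload bytes."""
    return HDR.pack(rtype, chan, len(payload)) + payload

def decode_all(buf):
    """Split a byte stream into complete records; return (records, leftover)."""
    records = []
    while len(buf) >= HDR.size:
        rtype, chan, n = HDR.unpack_from(buf)
        if len(buf) < HDR.size + n:
            break  # segmented: keep the partial record until more bytes arrive
        records.append((rtype, chan, bytes(buf[HDR.size:HDR.size + n])))
        buf = buf[HDR.size + n:]
    return records, buf

class Endpoint:
    """One tunnel side; `authenticated` stands in for a completed mutual SSL handshake."""
    WINDOW = 16  # assumed: bytes a sender may have unacknowledged per channel

    def __init__(self, authenticated):
        self.authenticated = authenticated
        self.credit = {}   # chan -> bytes sent but not yet acknowledged
        self.inbox = {}    # chan -> FIFO queue of received payloads
        self.wire = b""    # records queued toward the peer
        self.next_chan = 1

    def open(self, target):
        if not self.authenticated:
            raise PermissionError("endpoints are not yet mutually authenticated")
        chan, self.next_chan = self.next_chan, self.next_chan + 1
        self.credit[chan] = 0
        self.wire += encode(OPEN, chan, target)
        return chan

    def send(self, chan, data):
        """Refuse to exceed the peer's buffer; the caller retries after an ack."""
        if chan not in self.credit:
            raise KeyError(f"channel {chan} is not open")
        if self.credit[chan] + len(data) > self.WINDOW:
            return False
        self.credit[chan] += len(data)
        self.wire += encode(SEND, chan, data)
        return True

    def close(self, chan):
        self.credit.pop(chan, None)
        self.wire += encode(CLOSE, chan)

    def deliver(self, raw):
        """Process records from the peer; return (names handled, leftover bytes)."""
        records, leftover = decode_all(raw)
        handled = []
        for rtype, chan, payload in records:
            if rtype == OPEN:
                self.inbox[chan] = deque()
                self.wire += encode(OPENREPLY, chan, b"ok")
            elif rtype == SEND and chan not in self.inbox:
                self.wire += encode(RST, chan)  # unknown channel: reset it
            elif rtype == SEND:  # queue it, then ack the byte count so the
                self.inbox[chan].append(payload)  # sender can release its buffer
                self.wire += encode(ACK, chan, struct.pack("!I", len(payload)))
            elif rtype == SENDUDP:  # datagram style: queued, never acknowledged
                self.inbox.setdefault(chan, deque()).append(payload)
            elif rtype == ACK and chan in self.credit:
                self.credit[chan] -= struct.unpack("!I", payload)[0]
            elif rtype == CLOSE:
                self.inbox.pop(chan, None)
                self.wire += encode(END, chan)
            handled.append(NAMES[rtype])
        return handled, leftover

    def flush(self):
        out, self.wire = self.wire, b""  # hand the queued records to the peer
        return out

def demo():
    """Client opens a channel, fills the window, is acked, sends more, closes."""
    client, server = Endpoint(authenticated=True), Endpoint(authenticated=True)
    ch = client.open(b"intranet-host:80")
    first = client.send(ch, b"GET / HTTP/1.0\r\n")   # 16 bytes fills the window
    blocked = client.send(ch, b"x")                  # refused until an ack arrives
    server.deliver(client.flush())                   # usheropen, ushersend
    names, _ = client.deliver(server.flush())        # usheropenreply, usherack
    second = client.send(ch, b"Host: h\r\n\r\n")     # credit released by the ack
    server.deliver(client.flush())
    received = b"".join(server.inbox[ch])
    client.close(ch)
    names += server.deliver(client.flush())[0]       # usherclose answered by usherend
    return dict(first=first, blocked=blocked, second=second, received=received, names=names)
```

Running `demo()` shows the window filling after the first ushersend, the second attempt being refused until the usherack arrives, and the receiver staging payloads per channel in FIFO order before reassembly. The `decode_all` loop is where the segmentation the examiner describes is handled: a record whose payload has not fully arrived is left in the leftover buffer rather than processed in part. A ushersend on a channel the receiver never opened is answered with usherrst, and an `Endpoint` that has not completed authentication cannot open a channel at all, which is the ordering the rejection of claims 1, 40 and 79 turns on.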
8. Claims 12, 51, and 90 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crichton et al. in view of Griffiths et al. 

Crichton et al. disclose the establishment of a secure tunnel across the Internet. The 
teachings of Crichton et al. are silent on resolving domain names. Griffiths et al. teach the 
use of a domain name system which resolves domain names (col. 11, lines 59-63). It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have been 
motivated to apply a means to resolve domain names in order to establish a connection with a 
remotely located web site. Griffiths et al. recite motivation for the use of DNS by stating 
that it is essential that the domain name have an associated IP address, which needs to be 
determined from the URL address. Since the user enters a URL address, it must be resolved to a 
specific IP address in order to access the web site (col. 11, line 59 through col. 12, line 
15). It is obvious that the teachings of Crichton et al. use domain name resolution, since it is 
essential for this to occur unless the particular user knows the IP address, which can then be 
entered directly. 
9. Claims 15, 18-20, 23-25, 54, 57-59, 62-64, 93, 96-98, and 101-103 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Crichton et al. in view of Coley et al. 

Crichton et al. disclose the use of an Internet and an Intranet which comprises establishment 
of a secure channel (portal) (col. 2, lines 26-27, col. 3, lines 33-34, col. 6, lines 31-33, 
and col. 8, line 61). Additionally disclosed is the use of a firewall (gate), secure tunnels 
(portals), and client-side proxies executing behind a firewall (gate) which participate in the 
tunnel (portal) (col. 2, lines 19-23 and 32-44). Crichton et al. disclose the use of a firewall, 
but the disclosure is silent on the use of a bastion firewall host computer. Coley et al. 
disclose this feature of a bastion firewall host computer (col. 12, line 12). It would have been 
obvious to a person of ordinary skill in the art to have been motivated to apply a bastion 
firewall, since Coley et al. recite motivation for its use by disclosing that a firewall used as 
a bastion host acts on behalf of the user, and the identity of the internal network elements is 
preserved because the firewall protects the identity of the elements on whose behalf it is 
acting: external users see the address of the firewall, not the internal elements, namely the 
user's client computer (col. 12, lines 14-24). The teachings of Crichton et al. would have 
benefited from this feature, allowing the user's identity to be further protected in addition to 
establishing a secure connection with a trusted location, and the teachings of Coley et al. add 
an additional security measure which would not have affected the operation of the teachings of 
Crichton et al. 
10. Claims 26, 65, and 104 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crichton et al. in view of Raz. 

The teachings of Crichton et al. disclose the use of an Internet and an Intranet which 
comprises establishment of a secure channel (connection) (col. 2, lines 26-27, col. 3, lines 
33-34, col. 6, lines 31-33, and col. 8, line 61). The teachings of Crichton et al. are silent on 
the use of a second Intranet. Raz discloses the use of multiple Intranets (col. 11, lines 56-57). 
It would have been obvious at the time of the invention to have been motivated to apply 
additional Intranets to allow multiple users residing on different Intranets access to the 
Internet. The teachings of Raz recite motivation for the use of multiple Intranets by disclosing 
that firewalls protect the Intranets and SSL is used to protect the transaction data exchanged 
between the clients located on the Intranets and the servers located on the Internet (col. 11, 
lines 53-64). It is obvious that the teachings of Crichton et al. are not limited to just one 
Intranet, but rather extend to multiple Intranets, allowing secure transactions to be conducted 
via SSL from any location. 

11. Claims 27, 66, and 105 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crichton et al. in view of Raz and further in view of Coley et al. 

Crichton et al. disclose the use of an Internet and an Intranet which comprises establishment 
of a secure channel (portal) (col. 2, lines 26-27, col. 3, lines 33-34, col. 6, lines 31-33, 
and col. 8, line 61). Additionally disclosed is the use of a firewall (gate), secure tunnels 
(portals), and a client executing behind a firewall (gate) which participates in the tunnel 
(portal) (col. 2, lines 19-23 and 32-41). Raz is relied upon for the use of multiple Intranets. 
Crichton et al. disclose the use of a firewall, but the disclosure is silent on the use of a 
bastion firewall host computer. Coley et al. disclose this feature of a bastion firewall host 
computer (col. 12, line 12). It would have been obvious to a person of ordinary skill in the art 
to have been motivated to apply a bastion firewall, since Coley et al. recite motivation for its 
use by disclosing that a firewall used as a bastion host acts on behalf of the user, and the 
identity of the internal network elements is preserved because the firewall protects the 
identity of the elements on whose behalf it is acting: external users see the address of the 
firewall, not the internal elements, namely the user's client computer (col. 12, lines 14-24). 
The teachings of Crichton et al. would have benefited from this feature, allowing the user's 
identity to be further protected in addition to establishing a secure connection with a trusted 
location, and the teachings of Coley et al. add an additional security measure which would not 
have affected the operation of the teachings of Crichton et al. 

Conclusion 

12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

13. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Christopher Revak, whose telephone number is (703) 305-1843. The 
examiner can normally be reached on Monday-Thursday from 6:30 am to 4:00 pm. The examiner 
can also be reached on alternate Fridays from 6:30 am to 3:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gail Hayes, can be reached at (703) 305-9711. The fax numbers for the organization to which 
this application or proceeding is assigned are as follows: 

for After-Final Communications: (703) 746-7238; 

for Official Communications: (703) 746-7239; 

for Non-Official Communications: (703) 746-7240. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist, whose telephone number is (703) 305-3900. 

LYV.HUA 
PRIMARY EXAMINER 

CR 



January 6, 2003 



